Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

PHP shell_exec    executing a mysql query

Posted on 2014-01-18
16
Medium Priority
?
1,604 Views
Last Modified: 2014-01-19
i have a PHP script where the following shell_exec seems to return null
echo "SIMPLE MYSQL:".       shell_exec('mysql cphulkd -e "SELECT 1+1 "')  ;

i've tried various ways to find out what it's returning but it seems to be blank/null.

the plain mysql shell command
mysql cphulkd -e "SELECT 1+1 "

works fine when executed directly from linux shell.

any thoughts on debugging PHP shell_exec ?

thanks
0
Comment
Question by:willsherwood
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 6
16 Comments
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39791232
It's not a matter of debugging, it's that the web server user doesn't have permissions to do that.  Your web server would have to be running 'suexec' to run that under your own user permissions.  Which would have to be in your own directory.
0
 

Author Comment

by:willsherwood
ID: 39791243
i'm running from root, with the files owned by and in grp of 'nobody'
permissions:  -rw-r--r--.

i've sandwiched the  shell_exec(mysql)  with
echo shell_exec(uptime);

and the uptime prints properly twice -- just nothing for the mysql command in between
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39791252
If you are running PHP thru a web server, you are Not running as 'root', you are probably running as 'www' which has very limited permissions on purpose.  In theory, you should be able to run that PHP script on the command line instead of thru the web server and have it work.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39791259
This page http://us1.php.net/manual/en/function.shell-exec.php says that you can use 'exec' instead to get the program error code.  Note the notes about running under Apache and seeing a blank line for a multi-line response.

Of course, the more interesting question is why aren't you accessing MySQL thru the PHP drivers?
0
 

Author Comment

by:willsherwood
ID: 39791324
the tables are internal WHM database tables with accessibility restrictions.
I'm trying to make a sort of limited API that i can call externally without security risks.
i cannot run mysql directly from PHP because i don't know (nor want to know) the authentication for the connection.

perhaps it's just not permitted to call anything related to mysql from shell_exec ?
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39791376
It's probably not allowed to run anything at all thru 'shell_exec' because it doesn't have permission.  Anything run thru 'shell_exec' is run as the user that calls it and thru the web server that would be 'www', not 'root'.
0
 
LVL 58

Expert Comment

by:Gary
ID: 39791378
Is shell_exec() enabled in php.ini and not disabled?
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39791415
No.  It's all about user permissions.  You may run as 'root' at the command line but you will never run as 'root' thru the web server.  shell_exec() probably only works completely right if you also have 'suexec' running on the server.  'suexec' allows Apache to give you user access to the command line.  However... that can still be limited by the owner / user of the directory and files.

Your example "mysql cphulkd -e "SELECT 1+1 "" must be doing some kind of auto-login because I can't do that on my system.
0
 

Author Comment

by:willsherwood
ID: 39791458
sorry if my previous reply didn't get thru or wasn't clear... from within this PHP context:
    echo shell_exec(uptime);
works fine.
fwiw, also:
    echo shell_exec(dir);
    echo shell_exec("echo '1'");
work as expected.

cphulk is a cpanel system login monitor "firewall" for login protection, and its blocks are kept in the mysql table  cphulkd   which is accessible via the shell mysql command previously shown;   it's this mysql cmd line i cannot get to execute from within the  shell_exec.
Are you saying that some shell commands have differing permissions from other commands
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39791600
It's possible.  Note that all your working examples don't change anything, they just report pretty generic information, and any user can run those commands.  The 'mysql' command line does require a login on every system that I know of.  What are you getting for a response from "mysql cphulkd -e "SELECT 1+1 ""?
0
 

Author Comment

by:willsherwood
ID: 39791628
when i execute it directly in the shell, it gives the  +----+    tabled  format
 1+1

   2

when called from php   shell_exec,    nothing.  (null, or maybe a logged/hidden error)
0
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 2000 total points
ID: 39791689
I tried this on my Ubuntu 10.04 system and got basically the same results as you have.  'uptime' and 'dir' work.  But on the command line, my 'mysql' will not accept the password from the command line, only 'interactively'.  And it definitely won't accept a login with no user or password.
0
 

Author Closing Comment

by:willsherwood
ID: 39792043
thanks for your help.
upon further inspection, indeed it was a mysql user/pw access problem
appreciate your patience and peristence
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39792459
You're welcome, glad to help.
0
 

Author Comment

by:willsherwood
ID: 39792786
it was just so curious that mysql seemed to be the only command that didn't work (that i tried).
but now we have an easy API for determining if someone is blocked via cpHulk login denial.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39792804
Yes, that did seem odd.  Even odder on my system where it wouldn't allow the password on the command line.  I know that my older MySQL on my Windows box doesn't act that way.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question